SymmetricalDataSecurity: IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138)

Friday, May 24, 2019

IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138)

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is vulnerable to cross-site scripting and failure to enforce HTTP Strict Transport Security.

CVE(s): CVE-2019-4137, CVE-2019-4138

Affected product(s) and affected version(s):

IBM Spectrum Control	5.2.13 – 5.2.17.2
IBM Spectrum Control	5.3.0 – 5.3.2

The versions listed above apply to all licensed offerings of IBM Spectrum Control.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10880375
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158333
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158334

The post IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ibm.co/2WlhU5I

SymmetricalDataSecurity

Friday, May 24, 2019

IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews